1. PROTECTING PEOPLE AND INFORMATION Threats and Safeguards
Chapter 8
PROTECTING PEOPLE AND INFORMATION Threats and Safeguards

2. ETHICS
Ethics – the principles and standards that guide our behavior toward other people
Ethics are rooted in history, culture, and religion

3. Factors the Determine How You Decide Ethical Issues
Actions in ethical dilemmas determined by
Your basic ethical structure
The circumstances of the situation
Your basic ethical structure determines what you consider to be
Minor ethical violations
Serious ethical violations
Very serious ethical violations

4. Basic Ethical Structure

5. Circumstances of the Situation
Consequences of the action or inaction
Society’s opinion of the action or inaction
Likelihood of effect of action or inaction
Time to consequences of action or inaction
Relatedness of people who will be affected by action or inaction
Reach of result of action or inaction

6. Intellectual Property
Intellectual property – intangible creative work that is embodied in physical form
Copyright – legal protection afforded an expression of an idea
Fair Use Doctrine – may use copyrighted material in certain situations

7. Intellectual Property
Using copyrighted software without permission violates copyright law
Pirated software – the unauthorized use, duplication, distribution, or sale of copyrighted software

8. PRIVACY
Privacy – the right to left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
Dimensions of privacy
Psychological: to have a sense of control
Legal: to be able to protect yourself

9. Privacy and Other Individuals
Key logger (key trapper) software – a program that, when installed on a computer, records every keystroke and mouse click
Screen capture programs – capture screen from video card
is stored on many computers as it travels from sender to recipient
Hardware key logger – hardware device that captures keystrokes moving between keyboard and motherboard.
Event Data Recorders (EDR) – located in the airbag control module and collects data from your car as you are driving.

10. An E-Mail is Stored on Many Computers

11. Identity Theft
Identity theft – the forging of someone’s identity for the purpose of fraud

12. Identity Theft
Phishing (carding, brand spoofing) – a technique to gain personal information for the purpose of identity theft
NEVER
Reply without question to an asking for personal information
Click directly on a Web site provided in such an

13. Pharming Pharming - rerouting your request for a legitimate Web site
sending it to a slightly different Web address
or by redirecting you after you are already on the legitimate site
Pharming is accomplished by gaining access to the giant databases that Internet providers use to route Web traffic.
It often works because it’s hard to spot the tiny difference in the Web site address.

14. Privacy and Employees
Companies need information about their employees to run their business effectively
As of March 2005, 60% of employers monitored employee e- mails
70% of Web traffic occurs during work hours
78% of employers reported abuse
60% employees admitted abuse

15. Privacy and Employees Cyberslacking – misuse of company resources
Visiting inappropriate sites
Gaming, chatting, stock trading, social networking, etc.

16. Reasons for Monitoring
Hire the best people possible
Ensure appropriate behavior on the job
Avoid litigation for employee misconduct

17. Privacy and Consumers Consumers want businesses to
Know who they are, but not to know too much
Provide what they want, but not gather information on them
Let them know about products, but not pester them with advertising

18. Cookies
Cookie – a small file that contains information about you and your Web activities, which a Web site places on your computer
Handle cookies by using
Web browser cookie management option
Buy a program that manages cookies

19. Spam
Spam – unsolicited from businesses advertising goods and services
Gets past spam filters by
Inserting extra characters
Inserting HTML tags that do nothing
Replying usually increases, rather than decreases, amount of spam

20. Adware and Spyware
Adware – software to generate ads that installs itself when you download another program
Spyware (sneakware, stealthware) – software that comes hidden in downloaded software and helps itself to your computer resources

21. Trojan Horse Software
Trojan horse software – software you don’t want inside software you do want
Some ways to detect Trojan horse software
AdAware at
The Cleaner at
Spyware Doctor at
Check it out before you download at

22. Web Logs
Web log – one line of information for every visitor to a Web site
Clickstream – records information about you during a Web surfing session such as what Web sites you visited, how long you were there, what ads you looked at, and what you bought.
Anonymous Web browsing (AWB) – hides your identity from the Web sites you visit
The Anonymizer at
SuftSecret at

23. Privacy and Government Agencies
About 2,000 government agencies have databases with information on people
Government agencies need information to operate effectively
Whenever you are in contact with government agency, you leave behind information about yourself

24. Government Agencies Storing Personal Information
Law enforcement
NCIC (National Crime Information Center)
FBI
Electronic Surveillance
Carnivore or DCS-1000
Magic Lantern (software key logger)
NSA (National Security Agency)
Echelon collect electronic information by satellite

25. Government Agencies Storing Personal Information
IRS
Census Bureau
Student loan services
FICA
Social Security Administration
Social service agencies
Department of Motor Vehicles

26. Laws on Privacy
Health Insurance Portability and Accountability Act (HIPAA) protects personal health information
Financial Services Modernization Act requires that financial institutions protect personal customer information
Other laws in Figure 8.6 on page 240

27. SECURITY AND EMPLOYEES
Attacks on information and computer resources come from inside and outside the company
Computer sabotage costs about $10 billion per year
In general, employee misconduct is more costly than assaults from outside

28. Security and Outside Threats
Hackers – knowledgeable computer users who use their knowledge to invade other people's computers
Computer virus (virus) – software that is written with malicious intent to cause annoyance or damage
Worm – type of virus that spreads itself from computer to computer usually via
Denial-of-service (DoS) attack – floods a Web site with so many requests for service that it slows down or crashes

29. Computer Viruses Can’t
Hurt your hardware
Ex: Monitors, printers, processors, etc.
Hurt any files they weren’t designed to attack
Ex: A worm designed to attack Outlook won’t attack other e- mail programs
Infect files on write-protected media

30. Security Measures
Anti-virus software – detects and removes or quarantines computer viruses
Anti-spyware and anti-adware software
Spam protection software – identifies and marks and/or deletes Spam
Anti-phishing software – lets you know when phishing attempts are being made
Firewall – hardware and/or software that protects a computer or network from intruders

31. Security Measures
Anti-rootkit software – stops outsiders taking control of your machine
Encryption – scrambles the contents of a file so that you can’t read it without the decryption key
Public Key Encryption (PKE) – an encryption system with two keys: a public for everyone and a private one for the recipient
Biometrics – the use of physiological characteristics for identification purposes